Presentation is loading. Please wait.

Presentation is loading. Please wait.

PfSense Garrison Vaughan, Kyle Nester, Anthony Taliercio.

Similar presentations


Presentation on theme: "PfSense Garrison Vaughan, Kyle Nester, Anthony Taliercio."— Presentation transcript:

1 pfSense Garrison Vaughan, Kyle Nester, Anthony Taliercio

2 Overview pfSense is a distribution of FreeBSD that has been customized for use as a firewall and router. It includes a package system that allows for further expandability without adding bloat or security vulnerabilities to the base distribution. pfSense has more than 1 million downloads since its release.

3 Overview The project started in 2004 as a spin off of the m0n0wall project, but focused on PC installations rather than the hardware focus of m0n0wall. pfSense also offers an image for Compact Flash installations. It includes most all the features in more expensive commercial firewalls.

4 Features Firewall State Table Network Address Translation (NAT) Redundancy Inbound/Outbound Load Balancing Three options for VPN (IPsec, OpenVPN, PPTP) PPPoE Reporting and Monitoring through graphs and real-time monitoring Dynamic DNS Captive Portal DHCP Server and Relay New features and upgrades continually

5 Hardware for pfSense When picking out hardware for use with pfSense, two main factors need to be considered. Throughput required and features that will be used. The following guidelines should be used when picking hardware to support the needed throughput.

6 Hardware for pfSense 10-20 Mbps - No less than 266 MHz CPU 21-50 Mbps - No less than 500 MHz CPU 51-200 Mbps - No less than 1.0 GHz CPU 201-500 Mbps - server class hardware with PCI-X or PCI-e network adapters, or newer desktop hardware with PCI-e network adapters. No less than 2.0 GHz CPU. 501+ Mbps - server class hardware with PCI-X or PCI-e network adapters. No less than 3.0 GHz CPU.

7 Hardware for pfSense Usually the features used do not factor into hardware choices, but there are a few that have a more significant impact on utilization. The following considerations should be made when choosing features and hardware.

8 Hardware for pfSense VPN - Heavy use any VPN services included in pfSense will increase CPU requirements. A 266 MHz CPU can handle about 4 Mbps of IPsec throughput, a 500 MHz CPU about 10-15 Mbps, and newer server hardware can handle over 100 Mbps. Captive portal - Hundreds of simultaneous captive portal users require slightly more CPU power. Large state tables - State table entries require about 1 KB of RAM each. The default state table takes up a little less than 10 MB RAM when full. Ensure adequate RAM is available as the number of table entries increase. Packages - Some packages can increase RAM requirements significantly. Be sure to check specific package requirements before they are installed.

9 Installation Installing pfSense is simple. It is a modified FreeBSD install and should be familiar to anyone that has installed FreeBSD previously. It can also be ran from a boot disc/usb. Setting up pfSense is more complicated than Untangle, but also more flexible. The interface is not as straight forward as Untangle either, but with a little digging, almost any setting that an admin could want can be found. With open source development any extra features that are needed can be quickly prototyped and tested by the community. pfSense is an extremely good alternative to Untangle when cost is an issue.

10 Interface – Main Page

11 Interface – Traffic Graph

12 Interface – Firewall Aliases

13 Interface – Alias List

14 Interface – Firewall Rules


Download ppt "PfSense Garrison Vaughan, Kyle Nester, Anthony Taliercio."

Similar presentations


Ads by Google